#7 linux tutorial for beginners-Unix Security Model and Utilities-II

Slides Contents
The Linux Security Model
Users and groups are used to control access to files and resources.
Users log in to the system by supplying their user name and password.
Every file on the system is owned by a user and associated with a group.
Every process has an owner and group affiliation, and can only access the resources its owner or group can access.
Users
Every user of the system is assigned a unique User ID number.
Users’ names and uids are stored in /etc/passwd.
Users are assigned a home directory and a program that is run when they log on.
Users cannot read, write or execute each other’s files without permission.
Groups
Users are assigned to groups with unique group ID numbers.
gids are stored in /etc/group.
Each user is given their own private group.
They can also be added to other groups to gain additional access.
All users in a group can share files that belong to the group.
The primary group can be changed using the newgrp command.
The root user
The root user: a special administrative account.
Sometimes called the superuser.
root has complete control over the system.
An ultimate capacity to damage the system.
You should not log in as root without a very good reason.
Normal users’ potential to do damage is limited.
Linux File Security
Every file and directory has permissions set that determine who can access it.
Permissions are set for:
The owner of the file
The group members
All others
Permissions that are set are called read, write, and execute permissions.
Permission Types
Four symbols are used when displaying permissions:
r permission to read a file or list a directory’s content
w permission to write to a file or create or remove files from a directory.
x permission to execute a program or change into a directory and do a long listing of the directory.
- no permission
A file may be removed by anyone who has write permission to the directory in which the file resides regardless of the ownership or permissions on the file itself.
The first character of the long listing is the file type.
Linux Process Security
When a process accesses a file the user and the group of the process are compared with the user and group of the file.
If the user matches, the user permissions apply.
If the group matches, but the user doesn’t, the group permissions apply.
If neither matches, the other permissions apply.
Every process runs under the authority of a particular user and with the authority of one or more groups. This is called the process’s security context.
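The evaluation order above, as an added example (not part of the original slides). The function names perm_class and may_access and the uid/gid values are constructed for illustration; the code is pure arithmetic on the mode number, touches no files, and does not model root's bypass of these checks. The last case shows the consequence of the ordering: an owner who is also in the file's group is still judged only by the user permissions.

```shell
#!/bin/sh
# perm_class FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints which permission class (user, group or other) applies to the process.
perm_class() {
    f_uid=$1; f_gid=$2; p_uid=$3; p_gids=$4
    if [ "$p_uid" -eq "$f_uid" ]; then
        echo user; return
    fi
    for g in $p_gids; do
        if [ "$g" -eq "$f_gid" ]; then
            echo group; return
        fi
    done
    echo other
}

# may_access MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS" WANT
# MODE is the three-digit octal mode; WANT is r, w or x.
# Returns 0 if access is granted, 1 if denied, 2 for an unknown WANT.
may_access() {
    mode=$((0$1))                       # leading 0 makes the shell read it as octal
    case $(perm_class "$2" "$3" "$4" "$5") in
        user)  bits=$(( (mode >> 6) & 7 )) ;;
        group) bits=$(( (mode >> 3) & 7 )) ;;
        other) bits=$((  mode       & 7 )) ;;
    esac
    case $6 in
        r) want=4 ;;
        w) want=2 ;;
        x) want=1 ;;
        *) return 2 ;;
    esac
    [ $(( bits & want )) -ne 0 ]
}

# Constructed cases: a file owned by uid 1000 and gid 1000.
may_access 640 1000 1000 1000 "1000" w      && echo "owner may write (640)"
may_access 640 1000 1000 1001 "1001 1000" r && echo "group member may read (640)"
may_access 640 1000 1000 1002 "1002" r      || echo "others may not read (640)"
# The owner is in the file's group, but only the user class is consulted:
may_access 070 1000 1000 1000 "1000" r      || echo "owner denied by mode 070"
```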
Changing Permissions- Symbolic Method
To change access modes:
chmod -R mode file…
Where mode is:
u, g, o or a : for user, group, other and all
+ or - : to grant or deny
r,w or x : for read, write and execute
Examples:
ugo+r Grant read access to all.
o-wx Deny write and execute to others.
Multiple comma-separated operations can be given in a single command.
Changing permissions- Numeric Method
Uses a three-digit mode number.
First digit specifies owner’s permissions.
Second digit specifies group permissions.
Third digit represents others’ permissions.
Permissions are calculated by adding:
4 for read
2 for write
1 for execute
Example:
chmod 640 sangwan.dat
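An added example (not part of the original slides) tying the two methods together: rwx_to_octal adds 4, 2 and 1 for each class of the nine symbols shown by ls -l, and mode_after_chmod applies modes to a scratch file so the symbolic and numeric forms can be compared. Both function names are constructed for illustration, and the scratch file comes from mktemp.

```shell
#!/bin/sh
# rwx_to_octal "rw-r-----"  prints the three-digit mode for the nine symbols.
# Returns 1 for input that is not nine characters of r, w, x or -.
rwx_to_octal() {
    s=$1
    [ "${#s}" -eq 9 ] || return 1
    out=""
    for class in 1 2 3; do
        triplet=$(printf '%s' "$s" | cut -c "$((class * 3 - 2))-$((class * 3))")
        case $triplet in
            [r-][w-][x-]) ;;            # each position may only hold its own symbol or -
            *) return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    echo "$out"
}

# mode_after_chmod MODE...
# Applies each MODE in turn to a scratch file that starts at 000 and prints
# the resulting symbols as ls -l shows them (file type character removed).
mode_after_chmod() {
    f=$(mktemp) || return 1
    chmod 000 "$f"
    for m in "$@"; do
        chmod "$m" "$f" || { rm -f "$f"; return 1; }
    done
    ls -l "$f" | cut -c 2-10
    rm -f "$f"
}

# The numeric example from the slide and its symbolic equivalent give the same mode.
rwx_to_octal "$(mode_after_chmod 640)"
rwx_to_octal "$(mode_after_chmod u+rw,g+r)"
# The two symbolic examples from the previous slide, applied one after the other.
rwx_to_octal "$(mode_after_chmod ugo+r o-wx)"
```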
Configuring the Bash Shell
The Shell is configured through a variety of mechanisms:
Local Variables
Aliases and functions
The set and shopt commands
The shell can also configure other commands or applications through environment variables.
Variables
A variable is a label that has a value.
Used to configure the shell or other programs.
Variables are resident in memory.
Two types: local and environment
Local Variables are used only by the shell.
Environment variables are passed onto other commands.
Display variables and values using:
set to display all variables.
env to display environment variables.
The set, env and echo commands can be used to display all variables, environment variables, and a single variable value, respectively.
$ set | more
$ env | less
$ echo $HOME
$ HOME=/home/abi; export HOME
$ echo $HOME
Configure the Shell: Local Variables
Data in shell scripts and environment settings are stored in variables.
Conventionally all upper-case.
Setting variable value:
$ FAV_COLOR=blue
To retrieve a variable's value, use $ before the variable name:
$ echo $FAV_COLOR
blue
For a list of variables that configure the shell, see the Shell Variables section of the bash man page.
Common Local Variables
